0

I have a program that runs some validations on objects in active directory and one of my checks is to see if the expiry date is set within a year. With a UserPrincipal object I can check the .AccountExpirationDate date to see if it has one but how would I look at that date to see if it's set to expire within a year?

This is currently what I'm rolling with

protected Check AccountExpiresMandatoryCheck = new Check()
{
    ResultMessageTemplate = "User(s) don't have an expiry date or expiry date is greater than 1 year",
    Run = delegate(Principal principal, AccountPoint point)
    {
        UserPrincipal user = principal as UserPrincipal;
        if (user == null) return false;
        return user.AccountExpirationDate != null || //check here if the date is a year or less;
    }
};

I realize stuff like a Check and AccountPoint are custom objects made by me but I'm hoping that won't prevent anyone from answering my question of;

How would I check if the expiry date was set to be a year or less

BlueBarren
  • 321
  • 7
  • 24
  • Are you trying to see if the date is within one year of the current date, or if the expiration date was set a year away from the day it was created? – efischency Sep 13 '16 at 19:53
  • @efischency I'm thinking the second one. – BlueBarren Sep 13 '16 at 20:00
  • I don't think you are going to get what you are looking for then. Mostly due to the fact that I am guessing your sysadmin could change that expiration date, and without tracking all of the changes how would you know what it was initially set to? – efischency Sep 13 '16 at 20:28
  • @efischency that's what I was worried about. Hmmm... what to do then... – BlueBarren Sep 14 '16 at 13:31

2 Answers2

0

You should be able to check the difference from current date and see if the expiration days is less than 365 or against any reference date that you want. But you can get all sort of values from the difference and compare against that

var dateDifference = theUser.AccountExpirationDate - DateTime.Now;
if (dateDifference != null)
    Debug.WriteLine(dateDifference.Value.Days);
Versatile
  • 459
  • 5
  • 20
0

It's tough to tell exactly what you're after, but this may help.

DateTime oneYearAgoToday = DateTime.Today.AddYears(-1);
return user.AccountExpirationDate != null || user.AccountExpirationDate > oneYearAgoToday;
BRass
  • 3,698
  • 2
  • 28
  • 46
  • Thanks for the answer but comparing to today's date doesn't really help me see the length of the expiry. If someone were to go and increase the expiry by less than a year so it's still within the year then I don't think this would pick that up. Although something is better than nothing so I'll consider it. – BlueBarren Sep 14 '16 at 13:38
  • I guess for my purposes this actually does do what I want it to. A user's account at any point in the year should never be greater than a year. – BlueBarren Sep 14 '16 at 14:06